Low severity3.7NVD Advisory· Published Jul 31, 2025· Updated Apr 15, 2026

CVE-2023-32251

Description

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.

Patches

b096d97f4732

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/security/cve/CVE-2023-32251nvd
bugzilla.redhat.com/show_bug.cginvd
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/nvd
www.zerodayinitiative.com/advisories/ZDI-23-699/nvd

News mentions

No linked articles in our index yet.

cvss	0.240
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000